CN100550765C - A kind of method of protecting internet protocol voice technology gateway media channel - Google Patents
A kind of method of protecting internet protocol voice technology gateway media channel Download PDFInfo
- Publication number
- CN100550765C CN100550765C CNB2006100017807A CN200610001780A CN100550765C CN 100550765 C CN100550765 C CN 100550765C CN B2006100017807 A CNB2006100017807 A CN B2006100017807A CN 200610001780 A CN200610001780 A CN 200610001780A CN 100550765 C CN100550765 C CN 100550765C
- Authority
- CN
- China
- Prior art keywords
- media stream
- gateway
- priority
- packet
- reception priority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a kind of method of the VOIP of protection gateway media channel; source port number by judging VOIP gateway receiving media stream during with media negotiation definite opposite end receiving port number whether identical; when identical, give Media Stream with the highest reception priority, guarantee its preferential access.For the different Media Stream in sending and receiving end, then its priority is carried out dynamic management, for after the higher priority of legal Media Stream setting received, from a plurality of Media Streams of receiving, select the highest Media Stream of priority to issue DSP.Use method of the present invention to protect the media channel of VOIP gateway, can prevent that the VOIP gateway from constantly giving out a contract for a project and cause local gateway paralysis to this gateway under the situation that the other side hangs; Can prevent that also network hacker data falsification bag from carrying out malicious attack, thereby protect gateway; The fail safe and the antijamming capability of VOIP system have been strengthened.
Description
Technical field
The present invention relates to a kind of method of protection VOIP (internet protocol voice technology) gateway (being designated hereinafter simply as gateway) media channel.
Background technology
Circuit switching can not have been satisfied the needs that people carry out the multimedia messages interchange for traditional communication traffic on basis.But the IP network of growing growth becomes people's primary selection with the integration of its cheap price, various media informations, the characteristics such as high reusability of equipment.
At present, the professional packet-switch technology that adopts of many multi-media communications newly developed, bearer network is the IP packet switching network, such as the internet.The advantage of packet switching is the network utilization height, and at the bottom of the cost of communication, and owing to used open framework, the exploitation of new business, popularization ratio are faster.
When using IP or other packet switching networks as bearer network, usually use DSP (digital signal processor) to finish the bi-directional conversion of PCM (pulse code modulation) speech to packet voice, a user's speech is converted to packet after by DSP and transmits on packet network, after packet arrives the opposite end, DSP by the other side is converted to speech again, and vice versa.In the ordinary course of things, the speech processes passage of gateway can only be supported the Media Stream (same source IP address and same source port) in a source in the section at one time, if the source IP difference or the source port number difference of two packets that receive, promptly receive two Media Streams, gently then introduce delay and jitter, influence speech quality, heavy then cause that gateway media channel is unusual, even can cause systemic breakdown.
When the multi-media communication of using IP network to provide was professional, IP network was healthy and strong and reliable not as circuit-switched network.Usually gateway is when media negotiation, and the local terminal gateway can be determined the receiving port number of local terminal, the IP address of opposite end and the receiving port number of opposite end, and does not know the transmitting terminal slogan of opposite end.After media channel is set up, do not check the source port of the packet that is arrived during gateway receiving media stream, i.e. the transmit port of opposite end.Therefore can run into following problem:
1) when gateway is received the invalid packets that comes from network, because the media port that receives is in the scope that gateway is set, this packet can be considered to legal packet.But, can constantly use legal IP and port and send invalid packets when hanging such as port has unusually appearred in opposite end gateway for a certain reason.
For example, gateway A comprises neighboring user line cap P1 and P2, and P1 hangs in communication process, also can constantly give out a contract for a project to the port P1 of the gateway B that converses with it.At this moment, if user's on-hook of non-unusual end, again initiate another user's calling and this user and former abnormal user are in same gateway, this moment, the IP address of transmitting terminal was identical with a last conversation, use another transmit port P2, the receiving port of its opposite end may still be P1, and the port P1 of gateway B will receive two different Media Streams like this, can not correctly receive the Media Stream from the new conversation of gateway A port P2.
2) the network attack program of some malice is sent illegal packet, and these packet ports also may be in the scope that gateway is set.At this moment, if there is new conversation will use the port that receives these packets on the gateway, the illegal packet and the packet of normal talking will use same speech processes passage simultaneously, cause the unusual of this speech processes passage.
Chinese patent application (application number: 03125107) disclose a kind of sequence number and sorted to eliminate the method for its shake time-delay according to RTP (real time transport protocol) packet; This method just utilizes in the RTP packet header sequence number to go shake, if the packet sequence of a certain illegal Media Stream also satisfies output condition, also can be imported in the DSP passage, can not guarantee that the speech processes passage receives only a Media Stream in a period of time, prevent unusually, can not normally receive the Media Stream of new legal conversation.
(application number: 03125108) time stamp that discloses a kind of RTP of utilization packet sorts to eliminate the method for its shake time-delay Chinese patent application.This method is to utilize timestamp to go shake, can not filter out the bag of illegal Media Stream.If invalid packet, perhaps the packet sequence of a certain illegal Media Stream also satisfies output condition, also can be imported in the DSP passage.Therefore can not guarantee that the speech processes passage receives only a Media Stream in a period of time, prevent unusually, can not normally receive the Media Stream of new legal conversation.
Summary of the invention
Technical problem to be solved by this invention provides a kind of method of protecting internet protocol voice technology gateway media channel; can be when some unusual generation; can insert normal talking, and avoid the speech processes passage of gateway in same period, to receive a plurality of Media Streams and take place unusual.
In order to solve the problems of the technologies described above, the invention provides a kind of method of protecting internet protocol voice technology gateway media channel, may further comprise the steps:
(a) after certain receiving port of gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, whether the source port number of judging this packet is identical with the opposite end receiving port number that media negotiation is determined, if identical, carries out next step, otherwise, execution in step (c);
(b) current reception priority is changed to limit priority, submit this packet to subsequent module for processing, after calling out release or end of conversation, described current reception priority is reset to reception priority or the minimum reception priority that is lower than described limit priority, return step (a);
(c) judge whether current reception priority is limit priority, if directly return step (a).
Further, said method also can have following characteristics: described gateway is after receiving the legal packet of a certain Media Stream for the first time, also start a counter for this Media Stream, when the opposite end receiving port number that the source port number that described step (a) gateway is judged this packet and media negotiation are determined is identical, judge again whether the number of data packets of this Media Stream of receiving sets threshold value S1 greater than one, if, execution in step (b) again, otherwise, the count value of this Media Stream correspondence is added one, return step (a) and continue packet receiving.
Further, said method also can have following characteristics: described opposite end gateway is MGCP gateway, H.248 gateway or SIP gateway.
In order to solve the problems of the technologies described above, the present invention provides a kind of method of protecting internet protocol voice technology gateway media channel again, may further comprise the steps:
(A) on gateway, a plurality of reception priority are set respectively, and the current reception priority of correspondence is initialized as minimum reception priority for each receiving port;
(B) after certain receiving port of described gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, search the reception priority that whether has write down this Media Stream according to its source port number, if, execution in step (C), otherwise, execution in step (D);
(C) whether the reception priority of judging this Media Stream is more than or equal to current reception priority, if with this packet submission subsequent module for processing, return step (B), otherwise directly return step (B);
(D) current reception priority is improved one-level, and the reception priority of this Media Stream is changed to current reception priority after the raising, write down the source port number of this Media Stream and receive priority, submit this packet to subsequent module for processing, return step (B);
(E) behind the end of conversation of the existing described Media Stream correspondence that writes down, described gateway is deleted the record of all Media Streams.
Further, said method also can have following characteristics: described gateway is after receiving the legal packet of a certain Media Stream for the first time, also start a counter for this Media Stream, described step (B) judges earlier whether the number of data packets of this Media Stream of receiving sets threshold value S2 greater than one if described gateway is searched the record less than described Media Stream, if, execution in step (D) again, otherwise, the count value of this Media Stream correspondence is added one, return step (B) and continue packet receiving.
Further, said method also can have following characteristics: gateway has been set up table PP and table PC in the described step (A), wherein show PP and be used to write down described media stream source port numbers and receive priority, its dominant record that holds is counted m less than the reception priority number that is provided with; Table PC is used to write down described media stream source port numbers and count value thereof, and can not add record the time, emptying this table adds record again in that described table PP or table PC are full, and emptying when showing PP, current reception priority is changed to minimum reception priority.
In order to solve the problems of the technologies described above, the present invention also provides a kind of method of protecting internet protocol voice technology gateway media channel, may further comprise the steps:
(O) on gateway, a plurality of reception priority are set respectively, and the current reception priority of correspondence is initialized as minimum reception priority for each receiving port;
(P) after certain receiving port of described gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, whether the source port number of judging this packet is identical with the opposite end receiving port number that media negotiation is determined, if it is identical, carry out next step, otherwise, execution in step (R);
(Q) current reception priority is changed to limit priority, submit this packet to subsequent module for processing, after calling out release or end of conversation, described current reception priority is reset to reception priority or the minimum reception priority that is lower than described limit priority, return step (P);
(R) search the reception priority that whether has write down corresponding Media Stream according to the source port number of this packet, if, execution in step (S), otherwise, execution in step (T);
(S) whether the reception priority of judging this Media Stream is more than or equal to current reception priority, if with this packet submission subsequent module for processing, return step (P), otherwise directly return step (P);
(T) current reception priority is improved one-level but can not reach the highest reception priority, the reception priority of this Media Stream is changed to current reception priority after the raising, write down the source port number of this Media Stream and receive priority, submit this packet to subsequent module for processing, return step (P);
Behind end of conversation of described gateway, all records are emptied and current reception priority is resetted.
Further, said method also can have following characteristics: described gateway is after receiving the legal packet of a certain Media Stream for the first time, also start a counter for this Media Stream, when the opposite end receiving port number that the source port number that described step (P) gateway is judged this packet and media negotiation are determined is identical, judge again whether the number of data packets of this Media Stream of receiving sets threshold value S1 greater than one, if, execution in step (Q) again, otherwise, the count value of this Media Stream correspondence is added one, return step (P) and continue packet receiving.
Further, said method also can have following characteristics: described gateway is provided with the maximum Media Stream number that allows record, this number should be less than the reception priority number that is provided with, when record count surpasses this maximum number, should delete existing some or all record, the reception priority that guarantees the Media Stream that the definite opposite end receiving port number of source port number and media negotiation is different is always less than limit priority.
Further, said method also can have following characteristics: the source port number that described step (P) gateway is judged this packet is different with the opposite end receiving port number that media negotiation is determined, and when step (R) is judged the Media Stream that does not also write down this packet correspondence, judge earlier whether the number of data packets of this Media Stream of receiving sets threshold value S2 greater than one, if, execution in step (T) again, otherwise, the count value of this Media Stream correspondence is added one, return step (P) and continue packet receiving.
Further, said method also can have following characteristics: gateway has been set up table PP and table PC in the described step (O), wherein show PP and be used to write down described media stream source port numbers and receive priority, its dominant record that holds is counted m less than the reception priority number that is provided with; Table PC is used to write down described media stream source port numbers and count value thereof, and can not add record the time, emptying this table adds record again in that described table PP or table PC are full, and emptying when showing PP, current reception priority is changed to minimum reception priority Low.
In sum, the invention solves VOIP media gateway in the prior art receives a large amount of invalid data packets and causes systematic function unusual and be subjected to the problem of malicious attack.Improved the fail safe and the anti-attack ability of gateway, made VOIP equipment possess very strong robustness and antijamming capability.And can preferentially insert the Media Stream of new conversation.This method goes for all and uses the communication system of RTP as media transmission protocol.Do not need existing call control protocol to make an amendment.
Description of drawings
Fig. 1 a, Fig. 1 b are the process chart of first embodiment of the invention method.
Fig. 2 is that the port of the normal talking process of an application example of the present invention concerns schematic diagram.
Fig. 3 is that the port of the unusual communication process of an application example of the present invention concerns schematic diagram.
Embodiment
First embodiment
Gateway can uniquely be determined a Media Stream by judging its source IP address and source port number after receiving packet.The present invention is discerned and record by the Media Stream that receiving port is received, and for Media Stream is set different reception priority, preferentially will receive the highest Media Stream of priority and issue DSP, just can guarantee that the speech processes passage only supports the Media Stream in a source in the section at one time, thereby solved when a plurality of Media Streams send to the same medium treatment channel of VOIP gateway, unusual problem can appear in gateway.Further, by rational reception priority level initializing rule, can also make the new legal conversation of the preferential reception of gateway, avoid because of after former conversation one end hangs, the opposite end receiving port can't receive the Media Stream of new conversation, perhaps a certain receiving port is received the malicious attack of illegal program on the gateway, and can't normally receive the Media Stream of conversation.
For MGCP, H.248, the SIP gateway, transmitting terminal slogan and receiving port number one under the normal condition
As be identical.At this moment, the source port number of opposite end receiving port number of determining when gateway will be consulted and the packet that receives, promptly transmitting terminal slogan in opposite end is compared, if both are identical, illustrates that then this packet is the packet of the Media Stream of this negotiation.Will be in the case among the present invention the reception priority of the source port number received of the gateway Media Stream identical with the opposite end receiving port number be made as the highest, preferentially sending to DSP handles, the efficient media stream of new conversation is normally sent, avoided hanging because of port, this receiving port is received the invalid data bag always and can't be sent the situation of follow-up conversation Media Stream again.Note after calling out release, the reception priority of this Media Stream to be resetted, therefore after the conversation middle port is hung, the reception priority of the inactive media stream that this port sends promptly reduces after calling out release, thereby the Media Stream of new conversation can be sent, and can not be subjected to the interference of invalid packets in the communication process.
For gateway H.323, the transmitting terminal slogan of local terminal is different with receiving port number generally speaking.Just can not guarantee the normal transmission of the Media Stream of back one legal conversation this moment by above method.In this case, receiving port for fear of gateway can not normally receive legal packet because of receiving invalid packets or invalid data bag, the present invention carries out dynamic management to the reception priority of Media Stream, the Media Stream height that the reception priority ratio of the Media Stream that receives after making receives earlier, thus avoid invalid or illegal Media Stream to occupy this receiving port all the time.
For the reception priority of the different Media Stream of dynamic management sending and receiving end slogan, gateway is set up following two tables when initialization.Among the application, described sending and receiving end slogan is identical or different, and sending and receiving port wherein refers to send transmitting terminal slogan and the receiving port number on the transmitting terminal gateway of this Media Stream respectively.
Source port number-medium receive the priority mapping table, are called for short table PP (Port-Priority table), and each record comprises the source port number of Media Stream and receives two fields of priority in the table.The buffering area that distributes for table PP can hold n record, and n is less than the priority number that is provided with, and the reception priority of the Media Stream of feasible table PP record just can not reach limit priority.
Source port number-packet receiving count value mapping table is called for short table PC (Port-Counter table), and each record comprises source port number and two fields of packet receiving count value of Media Stream in the table.The buffering area that distributes for table PC can hold m record, and m is less than the priority number that is provided with.
Simultaneously, define a plurality of reception priority.And define current reception priority CurrentRxPriority, and be used to write down the current priority of issuing the Media Stream of DSP, it is initialized as minimum reception priority Low (the Low value is 0).Define count value Counter0, be used to add up the sending and receiving end slogan identical data packet number of reception, be initialized as 0.
Above-mentioned parameter can flexible configuration, for example: thresholding S, the degree of depth n of table PP, the degree of depth m of table PC.These conditions can appropriate combination, modification flexibly.Reach the purpose that on engineering, finds optimal value.
In addition, described gateway also starts a counter for this Media Stream after receiving the legal packet of a certain Media Stream for the first time.
After finishing above-mentioned configuration, the handling process when the VOIP gateway is received the packet of Media Stream may further comprise the steps shown in Fig. 1 a, Fig. 1 b:
As can be seen, for the identical Media Stream of sending and receiving end slogan, except that initial low volume data bag, other data are always preferentially delivered to DSP and are handled.Behind the end of conversation, current reception priority is reset to minimum priority, and empties all records of table PP and table PC by speech business handling process notification gateway.Be that above-mentioned handling process is just in the communication process.
In addition, determining that this Media Stream is provided with a thresholding and can improves judgement to data inclusion method when whether being the preferential Media Stream that receives, the low volume data bag that abandons that causes does not so influence ensuing normal talking, as will then expense is bigger with its buffer memory.
Be processing below to the different Media Stream of transmitting-receiving port:
Whether step 107 judges the reception priority that writes down among the PPItem1 more than or equal to current reception priority, if, this packet is issued DSP handle, return step 101 and continue packet receiving; Otherwise directly return step 101;
Step 109 judges whether table PC is full, if, empty table PC, carry out step 110, otherwise directly carry out step 110;
Step 110 increases a record in table PC, the source port number of establishing this record is SourcePort, and count value is changed to 1, returns step 101 and continues packet receiving;
Whether step 111, the count value of judging record PCItem1 greater than thresholding S, if carry out step 112, otherwise the count value that will write down PCItem1 adds 1, returns step 101 continuation packet receiving;
Step 112 judges whether table PP is full, if carry out step 113, otherwise carry out step 114;
Step 113 empties table PP, and the current reception priority that resets is Low, increases a record PPItem2 then in table PP, and the source port number of this record equals SourcePort, receives priority and equals minimum priority Low, carry out step 115;
Certainly, the record that holds in table PP maximum count n than the reception priority number that is provided with less than 2 o'clock, be made as Low and add one and also be fine, but it receives priority and also is less than limit priority when needing record in the assurance table to fill up.
Step 114 increases a record PPItem2 in table PP, the source port number of this record equals SourcePort, receives priority and equals to show that the highest reception priority adds one in all records of PP, carry out step 115;
Step 115 during less than the reception priority of this new record, is upgraded the reception priority of current reception priority for this new record in current reception priority, returns step 101 and continues packet receiving.
Behind an end of conversation, empty above-mentioned table PP and table PC by speech business handling process notification gateway, and current reception priority is resetted.
In a word, present embodiment is to the processing of the different Media Stream of transmitting-receiving port, be behind the packet of receiving a certain Media Stream some, just its priority is changed in the different Media Stream of all transmitting-receiving ports the highest, when not receiving and dispatching the identical Media Stream of port, this Media Stream can interrupt before having received and dispatched the different Media Stream of port current.After the corresponding end of conversation of Media Stream of record, delete all records current reception priority that should reset again, thereby when guaranteeing that the speech processes passage is only supported the Media Stream in a source in the section at one time, the conversation that makes the back insert has higher priority, has avoided illegal and invalid data to take the situation of a receiving port for a long time.
Take an application example process to simulate flow process of the present invention below, suppose that the opposite end gateway B transmitting-receiving port in this example is identical, please refer to Fig. 2 and Fig. 3.
After the user Aa of gateway A powers on, the user Ba of called gateways B, the media negotiation result is: the receiving port 4000 of Aa, IP:192.168.1.100, the receiving port 4002 of Ba, IP:192.168.1.200, in communication process subsequently, user Ba issues that source IP is 192.168.1.200 in the voice packet of user Aa, and source port number is 4002 (the transmitting terminal slogans of Ba), and the destination slogan is 4000 (receiving port numbers of Aa).If it is unusual that this conversation occurs, the transmit port 4002 of gateway B is hung, and constantly gives out a contract for a project to the receiving port 4000 of gateway A.After Aa user's on-hook, call out the user Bb on the B gateway again, at this moment, this new calling media negotiation result is: the receiving port number of Aa still is 4000, IP:192.169.1.100; The receiving port number of Bb is 4004, IP:192.169.1.200, the opposite end sends Bb user's data bag (source IP address 192.168.1.200, source port number is 4004, the destination slogan is 4000) arrive this VOIP gateway port, at this moment, receiving port 4000 (Aa user) should receive the bag from opposite end transmit port 4002 (Ba user), receive the bag from opposite end transmit port 4004 (Bb user) again, it is unusual to cause Aa user place gateway A to take place.
And by the inventive method, gateway A is preserved the receiving port 4004 of Bb in the media negotiation, judges then whether the source port of the packet of sending equates with 4004, if equate, and preferential the reception.Obviously, this moment, the bag source port sent out of Ba user was 4002, and the source port of the bag that Bb user sends out is 4004, thereby gateway A can preferentially receive the bag that Bb user sends out, and did not receive the bag that Ba user sends out.
Second embodiment
The applied network of present embodiment uses be MGCP, H.248, the gateway (also being not limited only to this) of type such as SIP, also only consideration is preferential sends the identical Media Stream of transmitting-receiving port, and can not do dynamically arranging of reception priority for the different Media Stream of transmitting-receiving port.Its handling process that receives packet is as follows:
Step 1, after certain receiving port of gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, whether the source port number of judging this packet is identical with the opposite end receiving port number that media negotiation is determined, if it is identical, execution in step two, otherwise, execution in step four;
Step 2 judges earlier whether the number of data packets of this Media Stream of receiving sets threshold value S greater than one, if execution in step three again, otherwise, the count value of this Media Stream correspondence is added one, return step 1 and continue packet receiving.
Step 3 is changed to limit priority with current reception priority, submits this packet to subsequent module for processing, returns step 1;
Step 4 judges whether current reception priority is limit priority, if, directly return step 1 and continue packet receiving, this packet is not sent to DSP, always preferentially receive to guarantee the identical packet of transmitting-receiving port.
For the different Media Stream of transmitting-receiving port, present embodiment can adopt following two kinds of processing modes:
First kind is not give record, and two shared passages of Media Stream might occur this moment under abnormal conditions, occurs two Media Streams situation of shared passages simultaneously when still also having avoided the identical Media Stream in sending and receiving end to insert.
Second kind, the source port of the Media Stream received of record but do not distinguish each other priority, and in a communication process, receive only packet from a source port.Can guarantee that like this speech processes passage only supports a Media Stream, but can not preferentially insert the Media Stream of the different follow-up conversation in sending and receiving end.
Similarly, behind the corresponding end of conversation of the identical Media Stream of opposite end receiving port number that source port number and media negotiation are determined, also need current reception priority is resetted.
The 3rd embodiment
The applied network of present embodiment uses is gateway H.323, can only consider that Media Stream keeps a record and the reception priority of Media Stream is done dynamic management this moment, and no matter whether receive and dispatch the identical Media Stream of port.
In the present embodiment, gateway need be provided with a plurality of reception priority respectively for each receiving port, and the current reception priority of correspondence is initialized as minimum reception priority.Its handling process that receives packet is as follows:
Step 1, certain receiving port of described gateway are searched the reception priority that whether has write down this Media Stream after receiving the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal according to its source port number, if, execution in step 2, otherwise, execution in step 3;
Whether step 2, the reception priority of judging this Media Stream be more than or equal to current reception priority, if with this packet submission subsequent module for processing, return step 1, otherwise directly return step 1;
Step 3 judges whether the number of data packets of this Media Stream receive sets threshold value S greater than one, if execution in step 4 again, otherwise, the count value of this Media Stream correspondence is added one, return step 1 and continue packet receiving;
Step 4 improves one-level with current reception priority, and the reception priority of this Media Stream is changed to current reception priority after the raising, writes down the source port number of this Media Stream and receives priority, submits this packet to subsequent module for processing, returns step 1.
In the present embodiment, also can set up table PP and table PC as first embodiment, wherein show PP and be used to write down described media stream source port numbers and receive priority, its dominant record that holds is counted m less than the reception priority number that is provided with; Table PC is used to write down described media stream source port numbers and count value thereof, full and can not add record the time at described table PP or table PC, empty this table and add record again, and when emptying table PP, current reception priority is changed to reception priority Low, and this priority number that receives between priority Low and the limit priority should be more than or equal to m-1.
Similarly, behind the end of conversation of the existing described Media Stream correspondence that writes down, described gateway also needs to delete all records.
Present embodiment can guarantee the speech processes passage at one time section only support a Media Stream, and can preferentially insert the Media Stream of follow-up conversation.
Those skilled in the art can understand, realize at the preferential idiographic flow that sends of Media Stream that the priority dynamic management is identical with the transmitting-receiving port, the mode that a lot of conversion can be arranged, the particularly order of part steps transposing when not changing logical relation, variable link is set etc.Therefore; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (11)
1, a kind of method of protecting internet protocol voice technology gateway media channel may further comprise the steps:
(a) after certain receiving port of gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, whether the source port number of judging this packet is identical with the opposite end receiving port number that media negotiation is determined, if identical, carries out next step, otherwise, execution in step (c);
(b) current reception priority is changed to limit priority, submit this packet to subsequent module for processing, after calling out release or end of conversation, described current reception priority is reset to reception priority or the minimum reception priority that is lower than described limit priority, return step (a);
(c) judge whether current reception priority is limit priority, if directly return step (a).
2, the method for claim 1, it is characterized in that, described gateway is after receiving the legal packet of a certain Media Stream for the first time, also start a counter for this Media Stream, when the opposite end receiving port number that the source port number that described step (a) gateway is judged this packet and media negotiation are determined is identical, judge again whether the number of data packets of this Media Stream of receiving sets threshold value S1 greater than one, if, execution in step (b) again, otherwise, the count value of this Media Stream correspondence is added one, return step (a) and continue packet receiving.
3, the method for claim 1 is characterized in that, described opposite end gateway is MGCP gateway, H.248 gateway or SIP gateway.
4, a kind of method of protecting internet protocol voice technology gateway media channel may further comprise the steps:
(A) on gateway, a plurality of reception priority are set respectively, and the current reception priority of correspondence is initialized as minimum reception priority for each receiving port;
(B) after certain receiving port of described gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, search the reception priority that whether has write down this Media Stream according to its source port number, if, execution in step (C), otherwise, execution in step (D);
(C) whether the reception priority of judging this Media Stream is more than or equal to current reception priority, if with this packet submission subsequent module for processing, return step (B), otherwise directly return step (B);
(D) current reception priority is improved one-level, and the reception priority of this Media Stream is changed to current reception priority after the raising, write down the source port number of this Media Stream and receive priority, submit this packet to subsequent module for processing, return step (B);
(E) behind the end of conversation of the existing described Media Stream correspondence that writes down, described gateway is deleted the record of all Media Streams.
5, method as claimed in claim 4, it is characterized in that, described gateway is after receiving the legal packet of a certain Media Stream for the first time, and also for this Media Stream starts a counter, described step (B) is if described gateway is searched the record less than described Media Stream, judge earlier whether the number of data packets of this Media Stream of receiving sets threshold value S2 greater than one, if, execution in step (D) again, otherwise, the count value of this Media Stream correspondence is added one, return step (B) and continue packet receiving.
6, method as claimed in claim 5, it is characterized in that, gateway has been set up table PP and table PC in the described step (A), wherein shows PP and is used to write down described media stream source port numbers and receives priority, and its dominant record that holds is counted m less than the reception priority number that is provided with; Table PC is used to write down described media stream source port numbers and count value thereof, and can not add record the time, emptying this table adds record again in that described table PP or table PC are full, and emptying when showing PP, current reception priority is changed to minimum reception priority.
7, a kind of method of protecting internet protocol voice technology gateway media channel may further comprise the steps:
(O) on gateway, a plurality of reception priority are set respectively, and the current reception priority of correspondence is initialized as minimum reception priority for each receiving port;
(P) after certain receiving port of described gateway is received the packet of the Media Stream that source address that the opposite end gateway is sent and destination slogan are legal, whether the source port number of judging this packet is identical with the opposite end receiving port number that media negotiation is determined, if it is identical, carry out next step, otherwise, execution in step (R);
(Q) current reception priority is changed to limit priority, submit this packet to subsequent module for processing, after calling out release or end of conversation, described current reception priority is reset to reception priority or the minimum reception priority that is lower than described limit priority, return step (P);
(R) search the reception priority that whether has write down corresponding Media Stream according to the source port number of this packet, if, execution in step (S), otherwise, execution in step (T);
(S) whether the reception priority of judging this Media Stream is more than or equal to current reception priority, if with this packet submission subsequent module for processing, return step (P), otherwise directly return step (P);
(T) current reception priority is improved one-level but can not reach the highest reception priority, the reception priority of this Media Stream is changed to current reception priority after the raising, write down the source port number of this Media Stream and receive priority, submit this packet to subsequent module for processing, return step (P);
Behind end of conversation of described gateway, all records are emptied and current reception priority is resetted.
8, method as claimed in claim 7, it is characterized in that, described gateway is after receiving the legal packet of a certain Media Stream for the first time, also start a counter for this Media Stream, when the opposite end receiving port number that the source port number that described step (P) gateway is judged this packet and media negotiation are determined is identical, judge again whether the number of data packets of this Media Stream of receiving sets threshold value S1 greater than one, if, execution in step (Q) again, otherwise, the count value of this Media Stream correspondence is added one, return step (P) and continue packet receiving.
9, method as claimed in claim 7, it is characterized in that, described gateway is provided with the maximum Media Stream number that allows record, this number should be less than the reception priority number that is provided with, when record count surpasses this maximum number, should delete existing some or all record, the reception priority that guarantees the Media Stream that the definite opposite end receiving port number of source port number and media negotiation is different is always less than limit priority.
10, method as claimed in claim 7, it is characterized in that, the source port number that described step (P) gateway is judged this packet is different with the opposite end receiving port number that media negotiation is determined, and when step (R) is judged the Media Stream that does not also write down this packet correspondence, judge earlier whether the number of data packets of this Media Stream of receiving sets threshold value S2 greater than one, if, execution in step (T) again, otherwise, the count value of this Media Stream correspondence is added one, return step (P) and continue packet receiving.
11, method as claimed in claim 10, it is characterized in that, gateway has been set up table PP and table PC in the described step (O), wherein shows PP and is used to write down described media stream source port numbers and receives priority, and its dominant record that holds is counted m less than the reception priority number that is provided with; Table PC is used to write down described media stream source port numbers and count value thereof, and can not add record the time, emptying this table adds record again in that described table PP or table PC are full, and emptying when showing PP, current reception priority is changed to minimum reception priority Low.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100017807A CN100550765C (en) | 2006-01-25 | 2006-01-25 | A kind of method of protecting internet protocol voice technology gateway media channel |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100017807A CN100550765C (en) | 2006-01-25 | 2006-01-25 | A kind of method of protecting internet protocol voice technology gateway media channel |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101009579A CN101009579A (en) | 2007-08-01 |
| CN100550765C true CN100550765C (en) | 2009-10-14 |
Family
ID=38697747
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006100017807A Active CN100550765C (en) | 2006-01-25 | 2006-01-25 | A kind of method of protecting internet protocol voice technology gateway media channel |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100550765C (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8577404B2 (en) | 2008-07-15 | 2013-11-05 | Qualcomm Incorporated | Prioritization of group communications at a wireless communication device |
| US8755831B2 (en) | 2009-03-24 | 2014-06-17 | QYALCOMM Incorporated | Selectively allocating data channel resources to wireless communication devices within a wireless communications system |
| US8738058B2 (en) * | 2009-04-06 | 2014-05-27 | Qualcomm Incorporated | High-priority communications sessions within a wireless communications system |
| CN102137438A (en) * | 2010-01-25 | 2011-07-27 | 华为技术有限公司 | Method and device for allocating internet protocol (IP) network resources |
| CN102799549A (en) * | 2011-05-23 | 2012-11-28 | 中兴通讯股份有限公司 | Multi-source-port data processing method and device |
| CN108243050B (en) * | 2016-12-27 | 2020-04-17 | 中国移动通信有限公司研究院 | Method and equipment for configuring routing table |
| CN108540487B (en) * | 2018-04-24 | 2020-12-08 | 深圳震有科技股份有限公司 | Call release method, storage medium and electronic equipment |
-
2006
- 2006-01-25 CN CNB2006100017807A patent/CN100550765C/en active Active
Non-Patent Citations (4)
| Title |
|---|
| Security Considerations for Voice Over IP Systems. Computer Security Division,Information TechnologyLaboratory,National Institute of Standards and Technology.NIST Special Publication 800-58. 2005 |
| Security Considerations for Voice Over IP Systems. Computer Security Division,Information TechnologyLaboratory,National Institute of Standards and Technology.NIST Special Publication 800-58. 2005 * |
| VoIP Security and Privacy Threat Taxonomy, Public Release1.0. VOIPSA.http://www.voipsa.org/Activities/VOIPSA_Threat_Taxonomy_0.1.pdf. 2005 |
| VoIP Security and Privacy Threat Taxonomy, Public Release1.0. VOIPSA.http://www.voipsa.org/Activities/VOIPSA_Threat_Taxonomy_0.1.pdf. 2005 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101009579A (en) | 2007-08-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100550765C (en) | A kind of method of protecting internet protocol voice technology gateway media channel | |
| US6611531B1 (en) | Method and apparatus for routing integrated data, voice, and video traffic | |
| US6584108B1 (en) | Method and apparatus for dynamic allocation of multiple signal processing resources among multiple channels in voice over packet-data-network systems (VOPS) | |
| US7860086B2 (en) | Method and apparatus for voice data packets | |
| US8126009B2 (en) | Method and apparatus for providing ringing timeout disconnect supervision in remote telephone extensions using voice over packet-data-network systems (VOPS) | |
| CN100379228C (en) | Net gate system and fault management method | |
| US6763017B1 (en) | Method and apparatus for voice port hunting of remote telephone extensions using voice over packet-data-network systems (VOPS) | |
| CN101159675B (en) | Method of implementing improvement of user service quality in IP multimedia subsystem | |
| US20080107112A1 (en) | Network device and packet forwarding method thereof | |
| US20030206519A1 (en) | System and method for encoding and decoding messages | |
| US7009962B1 (en) | Method and apparatus for providing forwarding on ring-no-answer for remote telephone extensions using voice over packet-data-network systems (VOPS) | |
| US7330460B1 (en) | Method and apparatus for providing efficient VoIP gateway-to-gateway communication | |
| CN100452771C (en) | System and method for realizing Internet protocol voice service | |
| EP1933510B1 (en) | Network switch that is optimized for a telephony-capable endpoint | |
| US7106737B1 (en) | System and method for reinterpreting TOS bits | |
| CN1653795A (en) | Device to terminate a modem relay channel directly to an ip network | |
| Cisco | Cisco Hoot and Holler over IP | |
| CN100579087C (en) | The equipment that is used for modem-relay channel termination | |
| US20040081176A1 (en) | End-to-end voice over ip streams for telephone calls established via legacy switching systems | |
| CN100558189C (en) | A kind of method and system that transmit the isdn call signaling | |
| US6904042B2 (en) | Network coupling device and data network with network coupling device | |
| KR100376133B1 (en) | Method for Prevention of Data Transmission Delay | |
| KR20000040233A (en) | System and method for interworking internet and next generation intelligent network | |
| KR100438899B1 (en) | Router with a built-in VoIP gateway | |
| EP1722544B1 (en) | A method of transmitting telephone conversations data over a second call path |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |